From d4025908b7171141ebe99001a3681d211d12961b Mon Sep 17 00:00:00 2001
From: James Allen <james@sharelatex.com>
Date: Thu, 1 Mar 2018 10:17:12 +0000
Subject: [PATCH] Add in enabledLinkedFileTypes setting

---
 .../coffee/Features/LinkedFiles/LinkedFilesController.coffee | 5 +++++
 services/web/app/views/project/editor.pug                    | 3 ++-
 services/web/config/settings.defaults.coffee                 | 2 ++
 services/web/docker-compose.yml                              | 1 +
 .../ide/file-tree/controllers/FileTreeController.coffee      | 3 +++
 5 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/services/web/app/coffee/Features/LinkedFiles/LinkedFilesController.coffee b/services/web/app/coffee/Features/LinkedFiles/LinkedFilesController.coffee
index f2566beb5c..e2320d148a 100644
--- a/services/web/app/coffee/Features/LinkedFiles/LinkedFilesController.coffee
+++ b/services/web/app/coffee/Features/LinkedFiles/LinkedFilesController.coffee
@@ -1,5 +1,7 @@
 AuthenticationController = require '../Authentication/AuthenticationController'
 EditorController = require '../Editor/EditorController'
+Settings = require 'settings-sharelatex'
+logger = require 'logger-sharelatex'
 
 module.exports = LinkedFilesController = {
 	Agents: {
@@ -10,9 +12,12 @@ module.exports = LinkedFilesController = {
 		{project_id} = req.params
 		{name, provider, data, parent_folder_id} = req.body
 		user_id = AuthenticationController.getLoggedInUserId(req)
+		logger.log {project_id, name, provider, data, parent_folder_id, user_id}, 'create linked file request'
 
 		if !LinkedFilesController.Agents.hasOwnProperty(provider)
 			return res.send(400)
+		unless provider in Settings.enabledLinkedFileTypes
+			return res.send(400)
 		Agent = LinkedFilesController.Agents[provider]
 
 		linkedFileData = Agent.sanitizeData(data)
diff --git a/services/web/app/views/project/editor.pug b/services/web/app/views/project/editor.pug
index 88ca3364b8..fed8f4beec 100644
--- a/services/web/app/views/project/editor.pug
+++ b/services/web/app/views/project/editor.pug
@@ -106,7 +106,7 @@ block requirejs
 	//- We need to do .replace(/\//g, '\\/') do that '</script>' -> '<\/script>'
 	//- and doesn't prematurely end the script tag.
 	script#data(type="application/json").
-		!{JSON.stringify({userSettings: userSettings, user: user, trackChangesState: trackChangesState, useV2History: useV2History}).replace(/\//g, '\\/')}
+		!{JSON.stringify({userSettings: userSettings, user: user, trackChangesState: trackChangesState, useV2History: useV2History, enabledLinkedFileTypes: settings.enabledLinkedFileTypes}).replace(/\//g, '\\/')}
 
 	script(type="text/javascript").
 		window.data = JSON.parse($("#data").text());
@@ -115,6 +115,7 @@ block requirejs
 		var data = JSON.parse($("#data").text());
 		window.userSettings = data.userSettings;
 		window.user = data.user;
+		window.enabledLinkedFiles = data.enabledLinkedFiles;
 		window.csrfToken = "!{csrfToken}";
 		window.anonymous = #{anonymous};
 		window.anonymousAccessToken = "#{anonymousAccessToken}";
diff --git a/services/web/config/settings.defaults.coffee b/services/web/config/settings.defaults.coffee
index 303743731d..1a057d4be8 100644
--- a/services/web/config/settings.defaults.coffee
+++ b/services/web/config/settings.defaults.coffee
@@ -216,6 +216,8 @@ module.exports = settings =
 
 	enableSubscriptions:false
 
+	enabledLinkedFileTypes: (process.env['ENABLED_LINKED_FILE_TYPES'] or '').split(',')
+
 	# i18n
 	# ------
 	#
diff --git a/services/web/docker-compose.yml b/services/web/docker-compose.yml
index 0f228d528c..b6649b65d3 100644
--- a/services/web/docker-compose.yml
+++ b/services/web/docker-compose.yml
@@ -15,6 +15,7 @@ services:
       MONGO_URL: "mongodb://mongo/sharelatex"
       SHARELATEX_ALLOW_PUBLIC_ACCESS: 'true'
       PROJECT_HISTORY_ENABLED: 'true'
+      ENABLED_LINKED_FILE_TYPES: 'url'
       LINKED_URL_PROXY: 'http://localhost:6543'
     depends_on:
       - redis
diff --git a/services/web/public/coffee/ide/file-tree/controllers/FileTreeController.coffee b/services/web/public/coffee/ide/file-tree/controllers/FileTreeController.coffee
index 08f26862cb..3d4077b2dd 100644
--- a/services/web/public/coffee/ide/file-tree/controllers/FileTreeController.coffee
+++ b/services/web/public/coffee/ide/file-tree/controllers/FileTreeController.coffee
@@ -31,6 +31,9 @@ define [
 			)
 
 		$scope.openLinkedFileModal = window.openLinkedFileModal = () ->
+			unless 'url' in window.data.enabledLinkedFileTypes
+				console.warn("Url linked files are not enabled")
+				return
 			$modal.open(
 				templateUrl: "linkedFileModalTemplate"
 				controller:  "LinkedFileModalController"